Page 1

What Hath Vint Wrought: Responding to the Unintended Consequences of Globalization

Steve Whitlock
Chief Security Architect
Information Protection & Assurance
The Boeing Company

BOEING is a trademark of Boeing Management Company. Copyright © 2005 Boeing. All rights reserved.

Page 2

Prehistoric E-Business

Page 3

Employees moved out…

Page 4

Associates moved in…

Page 5

The Globalization Effect

is physically located inside ‘s perimeter and needs access to and

’s application needs access to ’s application which needs access to ’s application

is located physically outside ’s perimeter and needs access to

is located physically inside ’s perimeter and needs access to

Page 6

Deperimeterization

Deperimeterization…
- is not a security strategy
- is a consequence of globalization by cooperating enterprises

Specifically:
- Inter-enterprise access to complex applications
- Virtualization of employee location
- On site access for non employees
- Direct access from external applications to internal application and data resources
- Enterprise to enterprise web services

The current security approach will change:
- Reinforce the Defense-In-Depth and Least Privilege security principles
- Perimeter security emphasis will shift towards supporting resource availability
- Access controls will move towards resources
- Data will be protected independent of location

Page 7

Restoring Layered Services

[Diagram: an Infrastructure Services zone (Network Services, Security Services, Other Services: DNS, DHCP, Routing, Directory, Identity / Authentication, Authorization / Audit, Print, Systems Management, Voice) and a Virtual Data Center, each reachable only through a Policy Enforcement Point (PEP)]

Page 8

Defense Layer 1: Network Boundary

[Diagram: an externally facing PEP at the network boundary]

An externally facing policy enforcement point demarks a thin perimeter between outside and inside and provides these services:

Legal and Regulatory
- Provide a legal entrance for the enterprise
- Provide notice to users that they are entering a private network domain
- Provide brand protection
- Enterprise dictates the terms of use
- Enterprise has legal recourse for trespassers

Availability
- Filter unwanted network noise
- Block spam, viruses, and probes
- Preserve bandwidth for corporate business
- Preserve access to unauthenticated but authorized information (e.g. public web site)

Substantial access, including by employees and associates, will be from external devices

Page 9

Defense Layer 2: Network Access Control

[Diagram: the layered services picture from page 7 (Infrastructure Services and a Virtual Data Center, each behind a PEP), annotated as follows]

- All Policy Enforcement Points controlled by centralized services
- No peer intra-zone connectivity, all interaction via PEPs
- Policy Enforcement Points may divide the internal network into multiple controlled segments
- Enterprise users will also go through the protected interfaces
- Rich set of centralized, enterprise services
- Segments contain malware and limit the scope of unmanaged machines

Page 10

Defense Layer 3: Resource Access Control

[Diagram: the layered services picture from page 7 (Infrastructure Services and Virtual Data Centers, each behind a PEP), annotated as follows]

- Controlled access to resources via Policy Enforcement Point based on authorization decisions
- Qualified servers located in a protected environment or Virtual Data Center
- Additional VDCs as required, no clients or end users inside VDC
- All access requests, including those from clients, servers, PEPs, etc. are routed through the identity management system, and the authentication and authorization infrastructures

Page 11

Defense Layer 4: Resource Availability

[Diagram: the layered services picture from page 7 (Infrastructure Services and Virtual Data Centers, each behind a PEP), annotated as follows]

- Critical infrastructure services highly secured and tamperproof
- Enterprise managed machines will have full suite of self protection tools, regardless of location
- Administration done from secure environment within Virtual Data Center
- Resource servers isolated in Virtual Cages and protected from direct access to each other

Page 12

Identity Management Infrastructure

- Migration to federated identities
- Support for more principal types: applications, machines and resources in addition to people
- Working with DMTF, NAC, Open Group, TSCP, etc. to adopt a standard
- Leaning towards the OASIS XRI v2 format

[Diagram: an Identifier and Attribute Repository keyed by Domain + Identifier, linked to the Authentication Infrastructure (SAML, X.509), the Authorization Infrastructure (Policy Decision Point) and Audit Logs]

Page 13

Authentication Infrastructure

- Offer a suite of certificate based authentication services
- Cross certification efforts:
  - Cross-certify with the CertiPath Bridge CA
  - Cross-certify with the US Federal Bridge CA
  - Operate a DoD approved External Certificate Authority
- Associates: authenticate locally and send credentials
- Boeing employees use X.509 enabled SecureBadge and PIN
- External credentials: first choice SAML assertions; alternative X.509 certificates

[Diagram: Infrastructure Services (Federated Identity Management, Authentication, Authorization) and a Virtual Data Center, each behind a PEP]

Page 14

Authorization Infrastructure

[Diagram: a Person, Machine, or Application sends Access Requests to a Policy Enforcement Point; the PEP exchanges Access Requests/Decisions with a Policy Decision Point (Policy Engine), which draws on Policy Management (Policies: legal, regulatory, IP, contract, etc.; Attributes: principal, data, environmental, etc.) and Data Tag Management and writes Audit Logs; on a permit the PEP grants Access to Applications and Data]

- Common enterprise authorization services
- Standard data label template
- Loosely coupled policy decision and enforcement structure
- Audit service
- PDPs and PEPs use standard protocols to communicate authorization information (LDAP, SAML, XACML, etc.)
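The loose coupling on this slide, as an added example that is not Boeing's code: the PEP holds no policy at all, it forwards each request (any principal type, identified by domain + identifier, with its attributes and the label of the target resource) to a PDP and opens only on an explicit Permit, while every decision lands in the audit service. The policy rules, labels and identifiers are constructed for the example.

```python
from dataclasses import dataclass

# Constructed policy set (not Boeing's): each rule names the principal type,
# the data label from the label template, the action, and the principal or
# environmental attributes that must match. A rule only ever permits;
# anything no rule permits is denied.
POLICIES = [
    {"id": "contract-c100", "principal_type": "person", "label": "CONTRACT-C100",
     "action": "read", "require": {"contract": "C100"}},
    {"id": "app-to-app", "principal_type": "application", "label": "INTERNAL",
     "action": "read", "require": {"zone": "vdc"}},
    {"id": "machine-update", "principal_type": "machine", "label": "INTERNAL",
     "action": "write", "require": {"health": "ok"}},
]

AUDIT_LOG = []   # audit service: one record per decision, permit or deny


@dataclass
class Request:
    principal: str        # domain + identifier, e.g. "example.com/smith" (constructed)
    principal_type: str   # person, machine, or application
    attributes: dict      # principal and environmental attributes
    resource_label: str   # label of the application or data being accessed
    action: str


def decide(req: Request) -> str:
    """Policy Decision Point: returns "Permit" or "Deny" for one request."""
    for rule in POLICIES:
        key = (rule["principal_type"], rule["label"], rule["action"])
        if key != (req.principal_type, req.resource_label, req.action):
            continue
        if all(req.attributes.get(k) == v for k, v in rule["require"].items()):
            AUDIT_LOG.append((req.principal, req.action, req.resource_label, rule["id"], "Permit"))
            return "Permit"
    AUDIT_LOG.append((req.principal, req.action, req.resource_label, None, "Deny"))
    return "Deny"


def enforce(req: Request, pdp=decide) -> bool:
    """Policy Enforcement Point: knows nothing about the policies; it only
    forwards the request to a PDP and opens on an explicit Permit."""
    return pdp(req) == "Permit"


if __name__ == "__main__":
    r = Request("example.com/smith", "person", {"contract": "C100"}, "CONTRACT-C100", "read")
    print(enforce(r), AUDIT_LOG[-1])
```

Swapping `pdp` for a client that speaks XACML or SAML to a remote decision point leaves `enforce` unchanged, which is the point of the loose coupling.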

Page 15

Resource Availability: Desktop

[Diagram: desktop protection layers (Hardware, Kernel, Application, Network) with Anti Virus, Anti Spam, Anti Spyware, Encryption and Signature, Host Based IDS / IPS, Software Firewall, Active Protection Technology, Port and Device Control, Trusted Computing, Virtualization and Physical Controls, all controlled by a Policy Decision Point]

- Layered defenses controlled by policies
- Users responsible and empowered
- Automatic real time security updates
- Health checked at network connection

Page 16

Resource Availability: Server / Application

[Diagram: Application Blades (Server 1 … Server N, hosting Application A … Application N) attached to a Disk Farm; the Application Blade Detail shows Server 1 Hardware, Host OS and Virtual Machine with one Guest OS per application, each application on its own Virtual Network with in line network encryption (IPSec) and an in line network packet filter; PEPs in front of the blades are controlled by a Policy Decision Point]

- Separate admin access
- No internal visibility between applications

Page 17

Availability: Logical View

[Diagram: Task A Resources and Task B Resources, made up of applications (App01, App10, App11, App12, App20, App23) and data stores (Data00, Data02, Data03, Data13, Data21, Data22), with every resource behind its own PEP]

- PEPs breached only for duration of task
- All resources logically isolated by PEPs
- Task patterns may be managed holistically
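The task-scoped isolation on this slide, as an added example that is not Boeing's code: a task pattern names the resources a task needs, the PEPs between those resources open only while the task is active, and resources of different tasks never see each other. The assignment of App/Data names to tasks is constructed (the slide shows the names but not which task owns which).

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet

# Constructed task patterns (assumed grouping of the slide's resource names).
TASK_PATTERNS: Dict[str, FrozenSet[str]] = {
    "task-a": frozenset({"App01", "Data00", "Data02", "Data03"}),
    "task-b": frozenset({"App20", "Data21", "Data22", "App23"}),
}


@dataclass
class TaskPEP:
    """Shared state for the PEPs in front of every resource: which task
    grants are currently open, plus an audit trail of every decision."""
    active: Dict[str, str] = field(default_factory=dict)   # task -> principal
    audit: list = field(default_factory=list)

    def open_task(self, task: str, principal: str) -> bool:
        """Breach the PEPs of one task pattern for the task's duration."""
        if task not in TASK_PATTERNS or task in self.active:
            return False
        self.active[task] = principal
        self.audit.append(("open", task, principal))
        return True

    def close_task(self, task: str) -> None:
        """Task finished: the pattern's resources are isolated again."""
        if self.active.pop(task, None) is not None:
            self.audit.append(("close", task))

    def allow(self, src: str, dst: str) -> bool:
        """A PEP permits src -> dst only while an open task pattern holds both;
        a pair that spans two tasks is denied even if both tasks are open."""
        for task in self.active:
            pattern = TASK_PATTERNS[task]
            if src in pattern and dst in pattern:
                self.audit.append(("permit", src, dst, task))
                return True
        self.audit.append(("deny", src, dst))
        return False
```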

Page 18

Supporting Services: Cryptographic Services

[Diagram: Encryption and Signature Services for Applications, Whole Disk, File, Data Objects, Code, Tunnels, E-Mail, IM and Other Communications, provided by a policy driven encryption engine that uses Key and Certificate Services / PKI Services and is controlled by a Policy Decision Point]

- Policies determine encryption services
- Encryption applications use a set of common encryption services
- Centralized smartcard support
- All keys and certificates managed by corporate PKI

Page 19

Supporting Services: Assessment and Audit Services

[Diagram: a Log Analyzer, Vulnerability Scanner and IDS/IPS Sensors covering servers, network devices, etc. and the PEPs and PDPs, with Logs fed to a Policy Decision Point]

- Automated scans of critical infrastructure components driven by policies and audit log analysis
- Logs collected from desktops, servers, network and security infrastructure devices
- Policies determine assessment and audit level and frequency

Page 20

Protection Layer Summary

[Diagram: Access and Defense Layers, showing the access flow Internet -> Intranet -> Enclave -> Resource -> Service with the access requirements and services of each layer]

Layer                                      Access Requirements                     Services by Layer
Defense Layer 1: Network Boundary          Identification                          External Services (public web, etc.)
Defense Layer 2: Network Access Control    Authentication, Authorization           Basic Network Enclave Services: DNS, DHCP, Directory Services
Defense Layer 3: Resource Access Control   Authentication, Authorization, Audit    Application and Data Access
Defense Layer 4: Resource Availability     Authorization, Audit, Secure Location   Only Administrative Access

Page 21